Tech companies are pushing back against biometric privacy laws; Lauren Reynolds, Rose Law Group litigation attorney who focuses on privacy and data breach issues, comments

Privacy advocates cheered when Illinois passed its Biometric Information Privacy Act (BIPA) in 2008 regulating commercial use of finger, iris, and facial scans. With companies such as Facebook Inc. and Google Inc. developing facial tagging technology, it was clear that laws would be needed to ensure companies didn’t collect and use biometric data in ways that compromised an individual’s right to privacy. If you lose your credit card, it’s easily replaced. But what happens when a company loses, or tries to profit from, your fingerprint?

Although the Illinois law was seen as a possible model for other states, aggressive lobbying by companies most interested in gathering biometrics has reshaped or killed similar efforts across the country. Only two other states have enacted biometric privacy laws—Texas, in 2009, and Washington, in May. Bills introduced in eight other states didn’t pass, leaving a regulatory chasm over data privacy across the U.S. In some states, like New York, agreeing on even a basic definition of biometrics to include in the proposals was a challenge. Congress and the White House remain committed to using biometrics in the interest of intelligence gathering and national security, while retail regulation has been limited to best practices’ guidance by the Federal Trade Commission.

“Many people might think of biometric information in the context of keeping information secure or making the use of certain products more convenient —in instances of the lock-screen of an individual’s phone or for access to restricted areas and Facebook’s facial tagging technology. However, tempted by this security and convenience, consumers are providing an extremely valuable and irreplaceable commodity for these companies to use, collect, and possibly sell. Consumers have become accustomed to providing information, including biometric information, without thinking about it. Educating oneself regarding a company’s use of such information is vital, especially given the efforts by these companies to oppose regulation in this arena.”